{"title":"Protecting clients from insider attacks on trust accounts","authors":"Sameera Mubarak, Jill Slay","doi":"10.1016/j.istr.2010.04.006","DOIUrl":"10.1016/j.istr.2010.04.006","url":null,"abstract":"<div><p>Law firms are no exception to the trend towards computerized information infrastructures, particularly because the very nature of their business is collecting and storing highly confidential client data. One area of activity which has come under intense scrutiny is the integrity of trust accounts. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where an employee of a law firm stole $4,500,000 from the trust funds of forty-two clients. Trust account fraud is also widely associated with money laundering, a growing major crime involving financial transactions that enable unlawful activity to be disguised.</p><p>Our study involved interviewing principals of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. We simultaneously carried out a survey to see if the trends identified in our case studies could be backed up with broader quantitative data. An overall finding highlights the fact that law firms were not current with technology to combat computer crime. However, from a human perspective, more urgent issues were discovered such as lack of monitoring of computer systems and inadequate access control. Our conclusions revealed the urgent need for law firms to adopt security controls, implement information security policies and procedures and obtain cooperation from management to communicate these policies to staff.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 4","pages":"Pages 202-212"},"PeriodicalIF":0.0,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.04.006","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132336817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A safety approach to information security communications","authors":"Geordie Stewart","doi":"10.1016/j.istr.2010.04.003","DOIUrl":"10.1016/j.istr.2010.04.003","url":null,"abstract":"<div><p>Safety risk communications is a discipline which is significantly more mature than information security risk communications. This article reviews relevant topics in safety communications and discusses their potential application to information security.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 4","pages":"Pages 197-201"},"PeriodicalIF":0.0,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.04.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115232716","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information security management: An entangled research challenge","authors":"Lizzie Coles-Kemp","doi":"10.1016/j.istr.2010.04.005","DOIUrl":"10.1016/j.istr.2010.04.005","url":null,"abstract":"<div><p>In May 2009 the Information Security Group, Royal Holloway, became host to a medical sociologist from St. George’s Hospital, University of London, under EPSRC’s discipline hopping scheme. As part of this knowledge transfer activity, a sociotechnical study group was formed comprising computer scientists, mathematicians, organisational researchers and a sociologist. The focus of this group is to consider different avenues of sociotechnical research in information security. This article briefly outlines some of the areas of research where sociotechnical studies might contribute to information security management.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 4","pages":"Pages 181-185"},"PeriodicalIF":0.0,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.04.005","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116396576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The irreversible march of technology","authors":"S.M. Furnell","doi":"10.1016/j.istr.2010.04.002","DOIUrl":"10.1016/j.istr.2010.04.002","url":null,"abstract":"<div><p>The ongoing advancement of technology delivers numerous benefits, with enhanced functionality, more capable devices, and new online services all being made available to users on a continual basis. At the same time, however, each new advance has the potential to introduce additional risk, with the consequence that users can quickly find themselves exposed if they do not maintain adequate safeguards and awareness. This paper considers some of the security challenges facing end-users, and the extent to which these have evolved alongside changes in the underlying technologies. The discussion reveals that while some aspects of security provision have clearly changed, this does not necessarily result in a situation that actually benefits the user. Indeed, they may find themselves facing a greater burden in terms of security tasks or complexity, or alternatively being underserved by protection options that no longer match the activities they are undertaking.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 4","pages":"Pages 176-180"},"PeriodicalIF":0.0,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.04.002","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132288128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Contribution of corporate social responsibility to information security management","authors":"Theodosios Tsiakis","doi":"10.1016/j.istr.2010.05.001","DOIUrl":"10.1016/j.istr.2010.05.001","url":null,"abstract":"<div><p>Contemporary societies develop scepticism about the social responsibility of businesses. There are expectations that firms/corporations/industries/companies make more than just economic contributions. In the area of information technology, more and more companies recognize their responsibility to promote information security management, above and beyond the level required by law, in order to achieve/build a secure information society for daily business operations. While concepts of Corporate Social Responsibility (CSR) have been applied to a plethora of sectors/industries, information security from the aspect of CSR is still behind in both theory and practice. The purpose of this paper is to apply the concept of CSR to the practice of information security management. The paper reviews and analyzes the theoretical background (definitions) of CSR from both practice and the literature and tries to explain what socially responsible management of information security actually is.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 4","pages":"Pages 217-222"},"PeriodicalIF":0.0,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.05.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121782526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"How do you make information security user friendly?","authors":"Andrew Jones","doi":"10.1016/j.istr.2010.04.001","DOIUrl":"10.1016/j.istr.2010.04.001","url":null,"abstract":"","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 4","pages":"Pages 213-216"},"PeriodicalIF":0.0,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.04.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128203821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Human factors in information security: The insider threat – Who can you trust these days?","authors":"Carl Colwill","doi":"10.1016/j.istr.2010.04.004","DOIUrl":"10.1016/j.istr.2010.04.004","url":null,"abstract":"<div><p>This paper examines some of the key issues relating to insider threats to information security and the nature of loyalty and betrayal in the context of organisational, cultural factors and changing economic and social factors. It is recognised that insiders pose security risks due to their legitimate access to facilities and information, knowledge of the organisation and the location of valuable assets. Insiders will know how to achieve the greatest impact whilst leaving little evidence. However, organisations may not have employed effective risk management regimes to deal with the speed and scale of change, for example the rise of outsourcing. Outsourcing can lead to the fragmentation of protection barriers and controls and increase the number of people treated as full time employees. Regional and cultural differences will manifest themselves in differing security threat and risk profiles. At the same time, the recession is causing significant individual (and organisational) uncertainty and may prompt an increase in abnormal behaviour in long-term employees and managers – those traditionally most trusted – including members of the security community. In this environment, how can organisations know who to trust and how to maintain this trust?</p><p>The paper describes a practitioner’s view of the issue and the approaches used by BT to assess and address insider threats and risks. Proactive measures need to be taken to mitigate against insider attacks rather than reactive measures after the event. A key priority is to include a focus on insiders within security risk assessments and compliance regimes. The application of technology alone will not provide solutions. Security controls need to be workable in a variety of environments and designed, implemented and maintained with people’s behaviour in mind. Solutions need to be agile and build and maintain trust and secure relationships over time. This requires a focus on human factors, education and awareness and greater attention on the security ‘aftercare’ of employees and third parties.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 4","pages":"Pages 186-196"},"PeriodicalIF":0.0,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.04.004","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123138623","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The need for enhanced privacy and consent dialogues","authors":"Danijela Bogdanovic , Conn Crawford , Lizzie Coles-Kemp","doi":"10.1016/j.istr.2009.10.011","DOIUrl":"10.1016/j.istr.2009.10.011","url":null,"abstract":"<div><p>The aim of this article is to present the case for a closer examination of the privacy and consent dialogues that take place during the use of on-line services. This article explores the concepts of privacy and consent in on-line services, discusses the facets of both concepts and presents a case study from Sunderland City Council to illustrate the complexity of deploying privacy and consent dialogue within on-line services. The article concludes with an outline of how enhanced understanding of privacy and consent concepts can result in improved tools to support dialogue and result in a negotiated understanding of the privacy that can be expected and the consent that is required. This rationale is the underpinning of the VOME project – Visualisation and Other Methods of Expression – funded by TSB, EPSRC and ESRC.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 3","pages":"Pages 167-172"},"PeriodicalIF":0.0,"publicationDate":"2009-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.10.011","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117171852","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reflections on privacy, identity and consent in on-line services","authors":"Louise Bennett","doi":"10.1016/j.istr.2009.10.003","DOIUrl":"10.1016/j.istr.2009.10.003","url":null,"abstract":"<div><p>The paper gives an overview of the evolution of the laws protecting personal data privacy in the UK over the last 30 years. Against this background, the author considers: the compromises to personal data privacy brought about by the electronic age; individual motivations for using e-services and the balance of risks and benefits; the place of identity management in e-transactions; and, the ways that data guardianship can be improved by an understanding of the roles and responsibilities of those responsible for personal data in organisations, data handlers and individual citizens. The conclusions reached are that once personal data has been recorded electronically it persists and the divide between public and private space is blurred. Citizens should retain rights to personal data including the right to be asked for their consent before it is shared or linked for commercial or administrative purposes. This puts a particular duty on government to behave (and be perceived to behave) responsibly and transparently with regard to the collection, use and disposal of personal data so as to create trust and support democracy.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 3","pages":"Pages 119-123"},"PeriodicalIF":0.0,"publicationDate":"2009-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.10.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133848081","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}